On Sat, Jan 10, 2009 at 04:07:35AM +0000, Alistair Crooks wrote:
>
> There's a whole heap of things we could do with a native pgp library -
> binary package signing is just one thing, misc binary provenance
> verification, hooks into veriexec, kernel module signing, hooking into
> mailers to say nothing of all the encryption possibilities.
I would like to note that, in fact, adding code to support another
(often redundant) clear and plaintext data format in userspace really
addresses few of the hard parts of the problems listed above.
Both "hooks into veriexec" and "kernel module signing" require public
key cryptography in the kernel. If we had that, we would already have
all the necessary building blocks in place; PGP adds nothing.
Note that most of the binaries on most NetBSD systems (including kernel
modules) come either from NetBSD itself, or from a single authorized
party. This makes the complexity of PGP's web-of-trust essentially
without benefit, as far as I can tell -- it is one of the few
applications almost perfect for simple S/MIME signatures via
certificate.
Code signing requires both the definition of a means for associating
signatures with code (easy, if you're willing to use separate files,
at which point you basically just have veriexec; hard, otherwise) and
the definition of sensible policies for making and using code signatures
in the base system.
If we had any of those things, we would already have everything we needed
in the base system by way of nbsvtool.
I am glad there is a reasonably licensed GPG replacement available now
but I am leery of suggesting that it is the major step (or even _a_ major
step) offering progress towards goals where the bulk of the real work
either has been or will be done by others.
Thor